Error 403 Forbidden when connecting to Microsoft Defender API using Filebeat

I am trying to connect to the Microsoft Defender API using Elastic Filebeat. I followed the instructions here to register a new application with the granted permission:
Create app for Microsoft Defender
However, when trying to call the API, I encountered this message:
Error while processing http request: failed to execute http client.Do:
server responded with status code 403:
{"error":{"code":"Forbidden","message":"The application does not have
any of the required application permissions (Alert.ReadWrite.All,
Alert.Read.All, Incident.ReadWrite.All, Incident.Read.All) to access
the resource.","target":}} {"input_source":
"https://api.security.microsoft.com/api/incidents", "input_url":
"https://api.security.microsoft.com/api/incidents"}
Can anyone assist me with this?
EDIT: Added a JWT token screenshot for reference if needed:
JWT decoded screenshot

Your token lacks permissions; you need to use the client credential flow to obtain the token.
Parse the token:

Related

Azure DevOps Rest Call giving 401 status code

I am trying to do a Get Request for REST API Azure from Postman.
https://dev.azure.com/{organization}/{project}/_apis/pipelines/{pipelineId}/runs/{runId}?api-version=6.0-preview.1
I am trying to do the auth with my PAT (empty username and PAT as password) and I get a 401 status code.
Can anyone tell me why it is not working?
I don't have a Full access token; I am using a Custom access scope with ToKenAdmin and Tokens scope added.
When I just try to access the link from browser, it works.
The 401 status code indicates a permission issue.
You should have the token with ToKen Build (Read):

Authorization failed when trying to log into AWS using SSO using internal Azure Platform

I am trying to use an AWS single sign-on script from my company to log into AWS using the internal Azure Platform. When trying to log into the platform using SSO, I receive the following error messages:
Logging in to Azure AD...
Please enter your username(email address): test#company.com
Please enter your password: ********
Login failed: Authorization failed, please activate company's VPN.
The logs of the sso script show me this information:
2022-07-11 11:57:42,042 auth_with_adfs 207 | DEBUG | loginMessage: Authorization failed
2022-07-11 11:57:42,042 log_in_to_aad 174 | ERROR Login failed: Authorization failed, please activate your company's VPN.
I have activated the VPN so that is not the issue.
By looking at the internals of the files that raise those errors, I found out that during the failed login process the login page for the Microsoft Office 365 Identity Platform is returned.
The login web page tells me that I receive the following error when logging in with my credentials:
Error details: MSIS7012: An error occurred while processing the request. Contact your administrator
My POST request seems to be redirected with a 302 code and GET the login page with a 200 OK response.
So I can tell that I get stuck during the login process and, according to the error message, it is an authorization issue. My credentials are correct, so I am wondering what needs to be changed here to get correct access. Are there some permissions missing that I should have a closer look at? Do I need to make changes in Azure AD somehow?
Thanks in advance for looking into this, I know the information is sparse but I hope it is enough.

Get Azure Webjob History - 403 Token invalid

I am trying to retrieve the web job history of an Azure web job via REST using a .NET backend and the OAuth2 client credentials flow (as described here:
https://learn.microsoft.com/en-us/rest/api/appservice/web-apps/get-triggered-web-job-history-slot).
How do I need to authenticate correctly?
I retrieve the token as follows:
POST https://login.microsoftonline.com/{MySubscription}/oauth2/v2.0/token
client_id={MyApp}
&grant_type=client_credentials
&scope=https://management.azure.com/.default
&client_secret={myclient_secret}
I get a token back, however I get a 403 error message when I try to retrieve the resource:
GET https://management.azure.com/subscriptions/{MySubscription}/resourceGroups/{MyResource}/providers/Microsoft.Web/sites/{MyApp}/slots/{MySlot}/triggeredwebjobs/{MyWebjob}/history?api-version=2021-02-01
Authorization: Bearer {MyToken}
Client '{MyApp}' with object ID '{MyApp}' is not
authorized to perform the action
'Microsoft.Web/sites/slots/triggeredwebjobs/history/read' using the
scope
'/subscriptions/{MySubscription}/resourceGroups/{MyResource}/providers/Microsoft.Web/sites/{MyApp}/slots/{MySlot}/triggeredwebjobs/{MyWebjob}'
or the scope is invalid. If access was granted recently, please update
your credentials.
What am I doing wrong?
I already added the API permission.
The "403 Token invalid" error usually occurs if you missed giving permissions to a particular scope (Azure Service Management).
Granting this scope enables you to access https://management.azure.com.
To resolve this error, please follow the steps below:
Go to Azure AD -> your application -> API permissions -> Add permission -> Azure Service Management -> Delegated permissions -> User impersonation -> Add
After giving these permissions, try to retrieve the resource again; there won't be any error.
Since I didn't find a solution that worked with OAuth2 and the Credentials flow, I got it working with Basic Authentication. The username (userName) and password (userPWD) can be taken from the publishing profile of the respective app service.
GET https://{appservicename}.scm.azurewebsites.net/api/triggeredwebjobs/{jobName}/history
Authorization Basic ....

Microsoft.Graph: CompactToken parsing failed with error code: 80049217

I am trying to use Microsoft.Graph to access OneDrive files. I am referring to the sample provided at this GitHub link:
https://github.com/OneDrive/onedrive-texteditor-js
In this sample, while getting the file link (CreateLink), I am getting the following error:
{"error":{"code":"InvalidAuthenticationToken","message":"CompactToken parsing failed with error code: 80049217","innerError":{"date":"2022-03-21T12:49:24","request-id":"45725ccf-a752-45c3-8208-9040e4177e4b","client-request-id":"45725ccf-a752-45c3-8208-9040e4177e4b"}}}
Do I need some subscription to do this setting, or am I missing anything?
Is there any other setting required to resolve this access issue?
Is there any other way of getting the share link of a OneDrive file?
What I have tried:
I have given API Permissions in Microsoft azure application of which I have used the applicationId in request. I have found one URL: https://learn.microsoft.com/en-us/azure/app-service/scenario-secure-app-access-microsoft-graph-as-user?tabs=azure-resource-explorer%2Cprogramming-language-csharp.
(Configure App Service to return a usable access token) But I could not find this setting in my azure application.
Please check the 2 steps below to diagnose the problem:
1. Log into https://developer.microsoft.com/en-us/graph/graph-explorer, hit the same API, check the access token on jwt.ms and make sure you have the required permissions to perform the call.
2. Also check your token expiry time (exp); it might have expired. Go to jwt.ms to check the token details; check the attached image to see where you find the token exp_time.
If the token has expired, please follow the docs to get a new token.

Bing Speech REST API errors occur

Since a few days ago, when I call the Bing Speech REST API I get an error and no result is returned.
System.Net.WebException: The remote server returned an error: (503) Server Unavailable.
at System.Net.HttpWebRequest.GetResponse()
at SpeechRESTSample.Program.Main(String[] args) in C:\Users\kaki1\Source\Repos\Cognitive-Speech-STT-ServiceLibrary\sample\SpeechRESTSample\Program.cs:line 78
The remote server returned an error: (503) Server Unavailable.
I renewed the token.
Or: Internal Server Error.
Is the service not being provided anymore?
If I use the sample code directly to get the token, then I get the 401 error.
The FetchTokenUri has changed from https://api.cognitive.microsoft.com/sts/v1.0 to
https://{region}.api.cognitive.microsoft.com/sts/v1.0/issueToken
We can get the authentication endpoint from this link.
And the endpoint for the Speech to Text REST API has the following format:
https://{region}.stt.speech.microsoft.com/speech/recognition/conversation/cognitiveservices/v1
I also tested it locally; I can get the token with the endpoint.
For more demo code, please refer to this.
